are algorithms that are robust to arbitrary types of failures in distributed algorithms. With the advent and popularity of the Internet, there is a need to develop algorithms that do not require any centralized control that have some guarantee of always working correctly. The Byzantine agreementprotocol is an essential part of this task. In this article the quantum version of the Byzantine protocol, which works in constant time is described.
Introduction
The Byzantine Agreement protocol is a protocol in distributed computing. It takes its name from a problem formulated by Lamport, Shostak and Pease in 1982, which itself is a reference to a historical problem. The Byzantine army was divided into divisions with each division being led by a General with the following properties:
Each General is either loyal or a traitor to the Byzantine state.
All Generals communicate by sending and receiving messages.
There are only two commands: attack and retreat.
All loyal Generals should agree on the same plan of action: attack or retreat.
A small linear fraction of bad Generals should not cause the protocol to fail.
. The problem usually is equivalently restated in the form of a commanding General and loyal Lieutenants with the General being either loyal or a traitor and the same for the Lieutenants with the following properties.
All loyal Lieutenants carry out the same order.
If the commanding General is loyal, all loyal Lieutenants obey the order that he sends.
A strictly less than fraction including the commanding General are traitors.
Failures in an algorithm or protocol can be categorized into three main types:
A failure to take another execution step in the algorithm: This is usually referred to as a "fail stop" fault.
A random failure to execute correctly: This is called a "random fault" or "random Byzantine" fault.
An arbitrary failure where the algorithm fails to execute the steps correctly which also encompasses the previous two types of faults; this is called a "Byzantine fault".
A Byzantine resilient or Byzantine fault tolerant protocol or algorithm is an algorithm that is robust to all the kinds of failures mentioned above. For example, given a space shuttle with multiple redundant processors, if the processors give conflicting data, which processors or sets of processors should be believed? The solution can be formulated as a Byzantine fault tolerant protocol.
Sketch of the algorithm
We will sketch here the asynchronous algorithm The algorithm works in two phases:
weak coin flipping protocols: The two players A and B initially start with no inputs and they are to compute some value and be able to accuse anyone of cheating. The protocol is successful if A and B agree on the outcome. The outcome 0 is defined as A winning and 1 as B winning. The protocol has the following properties:
*If both players are honest, then they agree on the outcome of the protocol with for.
*If one of the players is honest, then the other party wins with probability at most. In other words, if B is dishonest, then, and if A is dishonest, then.
A strong coin flipping protocol: In a strong coin flipping protocol, the goal is instead to produce a random bit which is biased away from any particular value 0 or 1. Clearly, any strong coin flipping protocol with bias leads to weak coin flipping with the same bias.
A verifiable secret sharing protocol: A secret sharing protocol allows a set of n players to share a secret, s such that only a quorum of k or more players can discover the secret. The player sharing the secret is usually referred to as the dealer. A verifiable secret sharing protocol differs from a basic secret sharing protocol in that players can verify that their shares are consistent even in the presence of a malicious dealer.
Round 1 generate the GHZ state on qubits and send the th qubit to the th player keeping one part
Generate the state on qubits, an equal superposition of the numbers between 1 and. Distribute the qubits between all the players
Receive the quantum messages from all players and wait for the next communication round, thus forcing the adversary to choose which messages were passed.
Round 2: Measure all qubits received in round I. Select the player with the highest leader value as the "leader" of the round. Measure the leader’s coin in the standard base.
Set the output of the QuantumCoinFlip protocol: = measurement outcome of the leader’s coin.
The Byzantine protocol
To generate a random coin assign an integer in the range to each player and each player is not allowed to choose its own random ID as each player selects a random number for every other player and distributes this using a verifiable secret sharing scheme. At the end of this phase players agree on which secrets were properly shared, the secrets are then opened and each player is assigned the value This requires private information channels so we replace the random secrets by the superposition. In which the state is encoded using a quantum verifiable secret sharing protocol. We cannot distribute the state since the bad players can collapse the state. To prevent bad players from doing so we encode the state using the Quantum verifiable secret sharing and send each player their share of the secret. Here again the verification requires Byzantine Agreement, but replacing the agreement by the grade-cast protocol is enough.
Grade-cast protocol
A grade-cast protocol has the following properties using the definitions in Informally, a graded broadcast protocol is a protocol with a designated player called “dealer” such that:
If the dealer is good, all the players get the same message.
Even if the dealer is bad, if some good player accepts the message, all the good players get the same message.
A protocol P is said to be achieve graded broadcast if, at the beginning of the protocol, a designated player D holds a value v, and at the end of the protocol, every player outputs a pair such that the following properties hold:
If D is honest, then = v and = 2 for every honest player.
For any two honest players and .
For any two honest players and, if and, then.
For the verification stage of the QVSS protocol guarantees that for a good dealer the correct state will be encoded, and that for any, possibly faulty dealer, some particular state will be recovered during the recovery stage. We note that for the purpose of our Byzantine quantum coin flip protocol the recovery stage is much simpler. Each player measures his share of the QVSS and sends the classical value to all other players. The verification stage guarantees, with high probability, that in the presence of up to faulty players all the good players will recover the same classical value.
Remarks
In 2007, a quantum protocol for Byzantine Agreement was demonstrated experimentally using a four-photon polarization-entangled state. This shows that the quantum implementation of classical Byzantine Agreement protocols is indeed feasible.